
[SECURITY] [DLA 1379-1] curl security update




Package        : curl
Version        : 7.26.0-1+wheezy25+deb7u1
CVE ID         : CVE-2018-1000301
Debian Bug     : #898856

It was discovered that there was an issue in curl, a command-line tool
for downloading (e.g.) data over HTTP.

curl could have been tricked into reading data beyond the end of a
heap-based buffer used to store downloaded content.

For more information, please see upstream's advisory at:

  https://curl.haxx.se/docs/adv_2018-b138.html

For Debian 7 "Wheezy", this issue has been fixed in curl version
7.26.0-1+wheezy25+deb7u1.

We recommend that you upgrade your curl packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
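
The following is an added example, not part of the advisory or of Debian's tooling: a Python port of dpkg's version ordering that flags hosts whose recorded curl version sorts below the fixed version named above. The host names and every version string other than the fixed one are constructed for illustration.

```python
import re

FIXED = "7.26.0-1+wheezy25+deb7u1"  # fixed version stated in the advisory
DIGITS = "0123456789"

def _at(s, k):
    return s[k] if k < len(s) else ""

def _order(c):
    # dpkg sort weight: '~' < end of string or digit < letters < other characters
    if c == "" or c in DIGITS:
        return 0
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using dpkg weights.
        while (_at(a, i) and _at(a, i) not in DIGITS) or \
              (_at(b, j) and _at(b, j) not in DIGITS):
            d = _order(_at(a, i)) - _order(_at(b, j))
            if d:
                return d
            i, j = i + 1, j + 1
        # Digit run: compare numerically, so "9" sorts below "25".
        m = re.match(r"[0-9]*", a[i:]).group()
        n = re.match(r"[0-9]*", b[j:]).group()
        d = int(m or 0) - int(n or 0)
        if d:
            return d
        i, j = i + len(m), j + len(n)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':',
    # revision starts after the last '-'.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory, fixed=FIXED):
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed inventory, e.g. gathered with: dpkg-query -W -f='${Version}' curl
INVENTORY = {"web1": "7.26.0-1+wheezy25", "web2": FIXED, "db1": "7.26.0-1+wheezy9"}
```

The comparison is only meaningful between versions from the same Debian release; a host running a different release needs that release's own fixed version.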


